CVE-2025-38202

MEDIUM EPSS 4.3%
Published Jul 4, 202512mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Jul 4, 2025 12mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() bpf_map_lookup_percpu_elem() helper is also available for sleepable bpf program. When BPF JIT is disabled or under 32-bit host, bpf_map_lookup_percpu_elem() will not be inlined. Using it in a sleepable bpf program will trigger the warning in bpf_map_lookup_percpu_elem(), because the bpf program only holds rcu_read_lock_trace lock. Therefore, add the missed check.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
4.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 5

VendorProductVersionRange
linuxlinux_kernel*≥5.19  –  <6.1.142
linuxlinux_kernel*≥6.2  –  <6.6.95
linuxlinux_kernel*≥6.7  –  <6.12.35
linuxlinux_kernel*≥6.13  –  <6.15.4
debiandebian_linux11.0any

References 6

  • git.kernel.org https://git.kernel.org/stable/c/2d834477bbc1e8b8a59ff8b0c081529d6bed7b22
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2f8c69a72e8ad87b36b8052f789da3cc2b2e186c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7bf4461f1c97207fda757014690d55a447ce859f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b522d4d334f206284b1a44b0b0b2f99fd443b39b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d4965578267e2e81f67c86e2608481e77e9c8569
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Mailing ListThird Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/2d834477bbc1e8b8a59ff8b0c081529d6bed7b22
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2f8c69a72e8ad87b36b8052f789da3cc2b2e186c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7bf4461f1c97207fda757014690d55a447ce859f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b522d4d334f206284b1a44b0b0b2f99fd443b39b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d4965578267e2e81f67c86e2608481e77e9c8569
    Patch